China proposes ‘Global Initiative on Data Security’ forbidding stuff it and Huawei are accused of doing already
State-sponsored infrastructure hacking, backdoors-by-fiat and even lock-in all out of bounds in draft code
China has proposed a “Global Initiative on Data Security” that it hopes the world will adopt to govern the collection and use of data by governments and the private sector alike.
The code was revealed today in a speech by state councilor and foreign minister Wang Yi at an event called the International Seminar on Global Digital Governance. China has only ten state councilors and the body is analogous to the Cabinet in a democracy, which we mention to indicate that Yi has gravitas and authority – China did not assign the enunciation of this idea to a lowly functionary.
Yi outlined an eight-point code that China hopes the world will adopt. The elements of the plan are:
- Approach data security with an objective and rational attitude, and maintain an open, secure and stable global supply chain.
- Oppose using ICT activities to impair other States' critical infrastructure or steal important data.
- Take actions to prevent and put an end to activities that infringe upon personal information, oppose abusing ICT to conduct mass surveillance against other States or engage in unauthorized collection of personal information of other States.
- Ask companies to respect the laws of host countries, desist from coercing domestic companies into storing data generated and obtained overseas in one's own territory.
- Respect the sovereignty, jurisdiction and governance of data of other States, avoid asking companies or individuals to provide data located in other States without the latter's permission.
- Meet law enforcement needs for overseas data through judicial assistance or other appropriate channels.
- ICT products and services providers should not install backdoors in their products and services to illegally obtain user data.
- ICT companies should not seek illegitimate interests by taking advantage of users' dependence on their products.
Yi said the plan is needed because the world economy’s move to online activity has increased data security challenges that “ … have put national security, public interests and personal rights at stake, and posed new challenges to global digital governance.”
The resulting inconsistent national laws “pushed up the compliance costs for global businesses,” he complained, before suggesting “To reduce the deficit in global digital governance, countries face a pressing need to step up communication and coordination, build up mutual trust and deepen cooperation with one another.”
Some sections of Yi’s speech seem designed to address the allegation that Chinese firms are beholden to the nation’s government. “We have not and will not ask Chinese companies to transfer data overseas to the government in breach of other countries' laws,” Yi said.
“I hope the Chinese initiative will serve as a basis for international rules-making on data security and mark the start of a global process in this area,” Yi said. “We look forward to the participation of national governments, international organizations and all other stakeholders, and call on States to support the commitments laid out in the Initiative through bilateral or regional agreements. We are also open-minded to good ideas and suggestions from all sides.”
Some of Yi’s remarks will be well-received: his second point is close to the goals of the Global Commission on the Stability of Cyberspace (GCSC). But his sixth point, the call to “Meet law enforcement needs for overseas data through judicial assistance or other appropriate channels” is tricky given it could impinge on sovereignty.
The call for an end to corporate espionage may also ring a little hollow, at least if western intelligence agencies are to be believed.
At the time of writing The Register has not encountered any responses to China’s proposal. And of course anything said in the next 24 hours is irrelevant, as Yi’s call for regional or bilateral agreements to adopt China’s plan will require extensive negotiations.
As did the China-USA no-hack-pact of 2015, which was quickly seen as not much more than tawdry security theatre as both nations continued to probe each other whenever deemed necessary and failed to prevent the Trump administration later creating its “Clean Network” plan on grounds that all of China’s technology companies represent a national security risk. ®